Quoting Ryan Russell (ryan at thievco.com):
> And it continues to spread while running as the non-privileged user, yes?
Yes. Excellent point.
Misbehaving systems that aren't root compromised are nonetheless a
public menace.